Stop drowning in CVEs.
Focus on what matters.

200+ CVEs drop daily. vuln.today uses AI to tell you which ones affect your stack, how urgent they are, and what to do - in minutes, not days.

Live stats
56,415
Total CVEs tracked
17+
Data sources
1334
This week
111 CRITICAL 508 HIGH 667 MEDIUM 47 LOW
Last 30 days
No credit card Privacy-first 30-second setup 90-day free trial

Create your free account

Join security professionals who track smarter, not harder.

or
Two-factor authentication

Enter the 6-digit code from your authenticator app, or a backup code.

Secured by Google Firebase Authentication

By signing up you agree to our Terms and Privacy Policy.

Your personal security cockpit

Everything you need to track, triage, and fix vulnerabilities.

Personal Feed & Watchlist

Watch 500+ vendor, product, and technique tags. Your feed filters 200+ daily CVEs down to the ones that matter to you.

AI-Powered Analysis

Every CVE gets a plain-language summary, priority score (0-150+), and a decision label: Emergency, Act Now, This Week, or Monitor.

Stack Monitoring

Upload package.json, requirements.txt, go.mod, or pom.xml. Get alerted when a CVE hits your exact dependency version - with fix commands.

Slack & Email Alerts

Real-time Slack Block Kit cards or email digests. Configure per severity, per tag, or per stack. Daily or instant - your choice.

Personal Dashboard

KPI charts scoped to your watched tags: severity breakdown, priority distribution, patch gap, and a "patch now" list of what needs immediate attention.

REST API & CI/CD Gate

Programmatic CVE search, manifest scanning, and deploy blocking. POST your lockfile, get a pass/fail result with fix commands.

A better alternative to the CVE tracker you're using today

Honest, side-by-side comparison – including features we don't have. See the full matrix →

OCVE
OpenCVE Open-source self-hosted
CVED
CVE Details Free NVD frontend
VLN
Vulners API aggregator
SA
SecAlerts Stack alerts (paid)

Logos are trademarks of their respective owners. Used for nominative comparison purposes.

And that's just the beginning

Weekly Digest - personalized summary every Monday: top CVEs, new POCs, severity stats
Compliance Dashboard - DORA/NIS2 ICT provider risk tracking, CVE triage with owner assignment & due dates
Attack Techniques - CVEs mapped to MITRE ATT&CK techniques with knowledge cards and trend charts
Trends & Analytics - severity trends, CVSS/EPSS scatter, top CWEs, vendor trends, OWASP Top 10 distribution
Vendor Scorecards - risk rankings for all tracked vendors: CVE count, KEV/POC rate, patch gap, response time
Critical Watch - AI-curated daily top 3-5 most important CVEs with reasoning, right on your home feed
Saved Filters - build multi-condition CVE queries, name them, pin to nav - CVSS range, KEV, POC, tags, dates
Jira Integration - push CVEs directly to your Jira project as issues from the CVE detail page
Public Vulnerability Scanner - paste a dependency list or upload a manifest - instant results, no account needed
RSS Feeds - subscribe to CVE and ZDI feeds, filterable by severity, KEV, POC, or decision label
Smart Search - search by CVE ID, description, tag, EUVD ID, GHSA, or product/version (e.g. nginx/1.26)
CVE Groups - related CVEs automatically clustered (e.g. Patch Tuesday batches) for easier triage

Currently tracking 56,415 CVEs

Real vendors, products, and attack techniques - updated every 30 minutes.

Top vendors
WordPress Suse Redhat Linux Microsoft Google Apple Debian IBM Tenda Adobe D-Link Cisco Apache Intel TOTOLINK Oracle Dell Mozilla Gitlab
Top products
PHP Linux Kernel Memory Corruption Command Injection Windows Null Pointer Dereference Use After Free Ubuntu Android Deserialization macOS Stack Overflow Windows Server 2025 Windows Server 2022 Windows Server 2022 23h2 Windows Server 2019 Windows 11 23h2 Windows 11 24h2 Windows 10 22h2 Windows 10 21h2 Debian Linux Windows 10 1809 Windows Server 2016 Java Heap Overflow
Attack techniques
Information Disclosure XSS Authentication Bypass Denial Of Service Buffer Overflow RCE SQLi CSRF Privilege Escalation Path Traversal Code Injection File Upload SSRF Lfi XXE

Enriched from 17+ authoritative sources

We cross-reference every CVE against government databases, vendor advisories, and community intelligence.

NVD
NVD CVSS, CPE, CWE
MITRE
CVE.org Primary CVE data
CISA
CISA KEV Known exploited
EPSS
EPSS Exploit probability
ENISA
ENISA EUVD EU advisories
GitHub Advisory GHSA & MAL
RH
Red Hat RHSA advisories
Ubuntu USN notices
DEB
Debian DSA/DLA
ATT&CK
MITRE ATT&CK Techniques & groups
CIRCL
CIRCL Sightings, CSAF
OSV
OSV Ecosystem advisories
ZDI
ZDI Zero Day Initiative
MISP
MISP Galaxies Threat actors
VDB
VulDB Exploit intel

Why not just use NVD?

NVD gives you raw data. CVSS score, CWE ID, CPE string. You still need to figure out: is this in my stack? Should I drop everything? Is there a patch? Is someone already exploiting it?

vuln.today gives you answers. Priority score, decision label, patch status, POC availability, vendor response, and a plain-language summary of what the vulnerability actually does.

NVD has one source. We cross-reference 17+ feeds: CISA KEV, EPSS, EUVD, GitHub Advisory, Red Hat, Ubuntu, Debian, CIRCL, ATT&CK, ZDI, and more.

NVD updates in days. We analyze new CVEs within minutes and can alert you in Slack before most security teams even know about them.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy